Thursday, March 18, 2010

There has been a lot of questions floating around regarding social media.

About two weeks ago, the Department of Defense released its final social media guidelines and policy memorandum. More questions came up.

To address some of these concerns, the DoD also distributed a well-thought Q&A about Responsible and Effective Use of Internet-based Capabilities.

If you have questions of your own regarding the Oregon National Guard's social media policy or guidelines, please feel free to start a discussion here in the comments section. We welcome all your inquiries and will be happy to address each one.

Here is the DoD list, in its entirety, for your reading pleasure. Feel free to share it across your social media networks, and amongst your workmates.

Q1: What was the impetus for undertaking the Internet-based capabilities policy review?A1: Internet-based capabilities, including social-networking services (SNS), have become integral tools for all manner of operations across the Department of Defense (DoD) and in collaboration with other federal agencies and the public. However, inconsistent development and implementation of policies regulating access to these capabilities among DoD components created confusion regarding what is or is not permissible. Establishing a DoD-wide policy allows the components to confidently, responsibly, securely and effectively utilize these tools, while ensuring consistent and open access for all DoD employees.

Q2: What was the determining factor in the decision to provide access to Internet-based capabilities consistently across DoD components?A2: The review of Internet-based capabilities revealed that these capabilities have had a transformative effect on how the DoD does business internally and across the federal government. The DoD components, through their input, also revealed that they use these capabilities to communicate with many key stakeholder groups external to DoD, for purposes ranging from public affairs to recruiting to research and collaboration. Additionally, DoD families revealed how important Internet communication is to their morale and welfare during deployments. As a result of these findings, it was determined that access to Internet-based capabilities is a critical functionality that must be preserved, despite some associated risks. Therefore, rather than restricting access to these capabilities, the NIPRNET must be configured and guidance integrated regarding the proper use of Internet-based capabilities into OPSEC education, training and awareness activities to allow safe use of them by all components.

Q3. Will component commanders still have the ability to restrict access to Internet-based capabilities?A3: Component commanders will maintain the authority to take steps to defend against malicious activity affecting DoD networks (e.g., distributed denial of service attacks, intrusions) and to safeguard missions. However, actions are intended to be temporary and/or necessary to safeguard specific missions. It is DoD’s default position that the NIPRNET shall be configured to provide access to Internet-based capabilities consistently across all DoD components.

Q4. Why have different DoD components and installations had different policies regarding access to Internet-based capabilities up until now? A4. Until the release of this DTM, there has not been a DoD-wide policy uniformly addressing Internet-based capabilities. Previous instructions have been limited to restricting access to only certain Web services as a means of preserving network capacity. In the absence of overarching policy, components developed their own policies based on perceived network-security threats, resource constraints, and mission needs. This DTM removes that ambiguity.

Q5: Define the scope of Internet-based Capabilities in regard to DoD systems.A5: For the purposes of this DTM, Internet-based capabilities are limited to those online services that exist outside of the DoD firewall and which are not owned, operated or controlled by DoD. In other words, Internet-based capabilities do not include proprietary software that was developed or modified (beyond basic cosmetic changes) specifically for a DoD component and is unavailable to the general public. Even though these proprietary applications may share functionality with publicly available commercial alternatives, they are not covered under the DTM.

Q6: When will my command open up access to Internet-based capabilities?A6: The policy is effective immediately. DoD Component Heads are expected to immediately begin taking any actions necessary to ensure compliance with the DTM. The specific rollout timeline for each component will vary according to their individual plans.

Q7: Is use of social networking services required?A7: No individual or component within DoD is required to utilize social networking services. Due to the fundamental shift in business processes these tools are causing, DoD believes it is in the interest of components to engage on a professional level; however, there is no requirement to participate.

Q8: What will happen to existing social networking presences that were established prior to release of the DTM?A8: Existing presences on social networking services can continue to operate provided that they are brought into compliance with the policies described in the DTM. Component heads should ensure widest possible dissemination of the DTM so that personnel are aware of their responsibilities.

Q9: Where do I register my External Official Presence?A9: With the approval of your commander, External Official Presences must be registered with your service’s External Official Presence registry. The Office of the Assistant Secretary of Defense for Public Affairs maintains a centralized registry of External Official Presences on the Defense.gov Web portal (http://www.defense.gov/RegisteredSites/SocialMediaSites.aspx) that is populated by the service External Official Presence registries.

Q10: Which activities must be registered?A10: Only External Official Presences (as defined in the DTM) must be registered. However, as stated in the DTM, owners of Official Use accounts must notify their local public affairs and operations security staffs of new accounts, and maintain periodic liaison with them to provide general updates on what type of information exchange is taking place via these accounts.

Q11: What is purpose of registering External Official Presences?A11: Registration provides confirmation for the public that a given social media presence is an official DoD activity, thus addressing concerns about impersonation, misinformation, and disinformation. The registry also helps members of the public locate DoD presences on social media sites and find areas of interest; the registry is essentially an index of DoD's External Official Presences.

Q12: Where does the new policy position DoD relative to the rest of government?A12: DoD is collaborating with the chief information officers and other technology and communications experts from throughout the federal government to develop best practices and reach consensus solutions to common legal and implementation challenges. Common challenges include: terms of service agreements, privacy protection, records management, endorsement and advertising, solicitation of public input, etc. (For a longer list, go here, and here.This collaboration is facilitated through the General Services Administration and a variety of cross-agency groups and networks. In addition, the U.S. Federal CIO Council has issued “Guidelines for Secure Use of Social Media by Federal Departments and Agencies,” which is available at the Council’s website, here.Individual federal agencies are at different points in adopting Internet-based capabilities and are responsible for setting their own policies on Internet-based capabilities as best suits their missions. DoD will remain actively engaged with the inter-agency community moving forward.

Q13: How was the Internet-based capabilities policyA13: At the direction of the Deputy Secretary of Defense, the DoD Chief Information Officer led a policy development effort that involved combatant commands, military departments, the Joint Staff, military families and others. In order to gain maximum insight, lend transparency to the process, and reach consensus through robust internal participation, management of the review and coordination on documents was conducted using an online shared workspace on Intelink, including a wiki, blog and discussion forums.

Public participation was enabled through a blog hosted on the DoDLive.mil platform. Military families and Web 2.0 subject matter experts were encouraged to submit comments regarding social media use by DoD. The abundant feedback received was incorporated into the final analysis presented to the DEPSECDEF. Through the use of social media and collaborative applications, the entire policy development process was intended to demonstrate a proof-of-concept for the value of Web 2.0 technologies.

Q14. Does this mean the Marine Corps ban on Social Networking Sites on the Marine networks must be reversed?A14. All DoD Components, including the Department of the Navy and the Marine Corps, will be required to review their current Internet posture and take steps to comply with this policy.

Q15. Is DoD concerned this open Internet policy will consume bandwidth needed in Afghanistan for mission purposes? Could certain sites like YouTube be blocked as they were in 2007 for bandwidth needs?A15. While the DTM establishes the DoD position that the default is to allow access to Internet-based capabilities, it also states that commanders at all levels and heads of components shall continue to defend the network and take immediate and commensurate actions, as required, to safeguard missions. This provision acknowledges the real-world bandwidth constraints in the operational environment and recognizes that commanders may need to temporarily restrict access to the Internet or to types of Internet content (e.g., video, email attachments, etc.) to preserve bandwidth for missions. Any actions taken to safeguard missions should be tailored in scope and duration as needed to address the malicious activity or otherwise safeguard the mission, with the intent of restoring access to Internet-based capabilities as soon as possible. Restricting access to a discrete set of the most popular Internet-based capabilities has proven to be ineffective at limiting bandwidth and is not sufficient to safeguard missions.

Q16. Does this new policy rescind or alter any existing DoD policies on operational security, ethics, privacy etc.?A16. Existing policies regarding operational security, ethics, privacy, etc still apply to the use of internet based capabilities -- including social networking tools --from a DoD networked computer.

Q17. Will there be any additional training or implementation guidelines provided to Components and Services related to this new policy?A17. The DTM provides that guidance for responsible and effective use of Internet-based capabilities will be provided by ASD (NII)/DoD CIO and that this guidance will be integrated into information assurance education, training and awareness activities.

Q18: According to the Deputy Secretary of Defense Memo dated 31 July, a policy for social networking sites and Web 2.0 was supposed to have been completed by 30 Sep 09. Why wasn't it completed by then, and why has it taken so long to get an approved policy?A18: In order to address all of the concerns from various stakeholders and components, the timeline was extended to allow for a more thorough vetting process. This DTM has taken all of those concerns under consideration and provided a policy that allows for access while still protecting the network.

Q19: In May 2007, the DoD issued an order blocking a specific set of “recreational websites”.A19: Yes.

1 comment:

Americans want to know first-hand what is going on on the other side of the world, where our troops are stationed and representing us. We have a right, as well as our soldiers, to know what is going on over there. I feel very strongly about the military easing up on their "rules" for social media.